PDA software grab bag

By Michelle Speir

May 05, 2003

You're on the road, 1,000 miles from the office and in a panic. Your home office network just crashed, you need to give a presentation, and the client just asked for hard copies. All you have is a handheld computer. The day will get worse later, when you lose your handheld at the airport.

If you had only loaded onto your handheld the three products we review here, you'd be relaxing and sipping a cup of coffee instead of panicking.

In the past few years — especially with the introduction of the Pocket PC — the power of personal digital assistants has reached a surprising level. Once a convenient device for personal information management, today's handheld can manage your entire network, send print jobs and faxes, give presentations and much more, all thanks to third-party products.

In addition, handheld security has become quite sophisticated. Many products on the market are dedicated exclusively to securing a handheld in case of theft or loss, such as Asynchrony Solutions Inc.'s PDA Defense.

Others are keenly aware of the danger of downloading sensitive information onto the device itself. Expand Beyond Corp.'s Mobile IT Ready Kit, which allows you to manage your network and databases from a handheld, does not store any data on the device itself. You can make all changes in real time.

Xerox Corp.'s mDoc follows the same principle when sending print jobs and faxes from handhelds.

Margi Systems Inc.'s Presenter-to-Go is a fun, handy tool that lets you leave the notebook at home when traveling to make presentations. (This review is available as a Web extra on FCW's Web site.) In this case, presentations are stored on the handheld or on memory cards, so if the information is sensitive you should guard it carefully — or install a security product such as PDA Defense.

In addition to these reviews, we list a buyer's guide sampling online of some of the major PDA software products on the market today. We group them into several major categories. This list is not comprehensive but rather is intended to give readers an idea of the wide variety of products available.

Mobile IT Ready Kit: Management Made Easy

Every network administrator has a horror story about a server or database crash occurring when no dial-up connection was available. Even general maintenance can be extremely inconvenient when traveling.

Now imagine gaining real-time wireless access to the network from anywhere at any time, where access means not just monitoring but the ability to carry out any network command in real time.

It's almost like having the entire network in your pocket — hence PocketAdmin, the name of Expand Beyond's wireless network administration product that runs on handheld devices.

The company's Mobile IT Ready Kit combines PocketAdmin with a database administration product called PocketDBA. Both allow administrators to access networks and databases with full real-time command functionality, just as if they were sitting in front of the server itself.

Both applications are available separately, but for administrators requiring both, the Mobile IT Ready Kit provides a convenient bundle with combined licensing, maintenance and support. The departmental kit includes up to 75 CPU licenses and five handheld devices, and the enterprise kit buys 76 or more CPU licenses and includes 10 handheld devices. Customers can specify the type of handheld desired and the wireless service they wish to use.

Both Mobile IT Ready Kit applications offer robust security, using multiple layers of encryption and more. Since administrators connect in real time, data is not stored on the handheld (unlike many other products of this type), so if the device is lost or stolen the network will not be compromised.

As an administrator, you can use PocketAdmin to monitor any number of servers from a handheld device. Remote access is provided through full Secure Shell (SSH) terminal emulation and cursor control. SSH is more secure than Telnet because the log-in session is encrypted.

PocketAdmin can connect to any VT100-compliant Unix, Microsoft Corp. Windows, firewall or router interface. You can carry out any server command possible.

The program allows you to manage system processes, view log files, run custom scripts and edit files using vi, Unix's standard text editor.

This functionality includes starting and stopping databases, Web servers and enterprise applications; configuring hardware; monitoring and allocating resources such as disk space, memory, connections and statistics; and executing continuous-output Unix commands such as pinging.

You can also create macros for sending custom commands, and you can create and execute custom programs such as shell scripts and batch jobs.

As for security, PocketAdmin offers multiple layers for a robust solution. You can use any standard encryption algorithm over SSH, such as the Data Encryption Standard, 3DES, Blowfish, the Advanced Encryption Standard (AES) and more. The program can also integrate with your network's mobile virtual private network or RSA Security Inc.'s SecurID standard. In addition, secure tunneling can be used to transmit data from other applications. Finally, you can change encryption keys at the desktop or in the field using local or remote key exchange.

PocketAdmin's interface is straightforward. All major functions are accessible from one drop-down menu. Entering, editing and deleting data are simple via the graphical user interface, designed in the style of Windows.

PocketDBA, meanwhile, is a database administrator's dream. Like PocketAdmin, it allows you to execute any possible database command from the handheld in real time.

You can create and alter tables and other objects, manage storage by allocating disk space and reorganizing tables, and execute any SQL query.

You can also manage jobs, start and stop instances on the server, and configure database instances. Further, you can execute shell commands and display current system and storage statistics.

PocketDBA comes in three flavors, with applications for Oracle Corp., Microsoft SQL Server and IBM Corp. DB2 UDB databases. A product for Sybase Inc. will be available in June. There is no limit to the number of databases that can be controlled with PocketDBA.

PocketDBA also assists with sessions management; you can monitor the activity of all connected users as well as create new log-ins, change passwords and enable or disable accounts. The Oracle version includes an audit function that enables you to track past activity, such as when a database was deleted and by whom.

For secure transmissions, PocketDBA supports VPN, Secure Sockets Layer and RSA SecurID. Thanks to its midtier architecture, database servers are not accessible from the public Internet.

Network administrators, prepare to fall in love. The Mobile IT Ready Kit will make your job a whole lot easier, and you won't need to worry about pared-down functionality or security holes. You might as well have your entire network or database in your pocket.

mDoc: When Paperless Isn't an Option

By now handheld productivity is a familiar concept. Everyone knows about surfing the Web and e-mailing from the road with a device that fits into your pocket. But how about printing and faxing?

Xerox Corp.'s mDoc 3.1 harnesses the power of handhelds to produce hard copies on the road — no need to lug stacks of paper on airplanes, and you can print or fax documents on demand so they're ready to go for meetings, presentations and last-minute information requests.

MDoc does more than print and fax, however. It's a flexible solution that offers viewing, printing and faxing of e-mail attachments, secure access to documents stored on servers, and even forms capability.

You can use mDoc with any wireless handheld device or cell phone with e-mail and Internet capability. What's more, you can use a combination of different handheld types within the same deployment.

As with Expand Beyond's Mobile IT Ready Kit, documents are not downloaded or stored on the handheld. They remain on their file servers behind the network's firewall, and no new firewall holes are required.

Documents can be accessed from Windows NT servers and document repositories. The two compatible repositories are Xerox's DocuShare and Documentum Inc.'s eContent Server. MDoc can retrieve documents from all three repository types in a mixed environment.

For hard-copy output, documents can be delivered to public printers, local-area network printers (from all manufacturers) and any fax machine. For public printer use, Xerox has partnered with Electronics for Imaging Inc. so users can send documents to any EFI-enabled public printer, such as those in hotels, airports and quick-print shops.

Typically, a traveling employee would visit the same locations regularly and the administrator would pre-enter the Domain Name System name, IP address or mDoc name (the name given to the printer by the mDoc administrator) of each printer at a remote site. Then, when printing at a site, the employee can simply select the desired printer from a list.

For faxing, the administrator needs to set up one of two compatible fax services on the network: Captaris Corp.'s RightFax server or Interstar Technologies Inc.'s LightningFax server. Then the user can simply type in any fax number to send e-mail messages, attachments and documents stored on the server.

The forms function is a useful and unique feature, with mDoc being the only product we are aware of to offer this capability. Travelers can use their desktop PCs to create their own Microsoft Word document forms in advance and store them in the document repository. (However, they must be saved in rich text format to use with mDoc.) The form can then be filled out and personalized on the handheld, then printed or sent to a fax machine on the road.

MDoc also comes with administration software that includes configuration and management tools for authenticating users. Other capabilities include changing passwords, setting up network printers, monitoring system performance logs, configuring security settings and generating usage reports.

Because our test lab does not have the printer and fax infrastructure needed to fully test mDoc, we participated in a demonstration at a Xerox facility using a Research in Motion Ltd. BlackBerry 957 device.

The device had been prepopulated with printer addresses, forms and other information necessary to run it through its paces.

We liked the menu-driven interface, which blended well with the BlackBerry interface and made it easy to find different functions. Printing and faxing text documents took just a few minutes, while full-color graphics documents took several minutes longer.

Faxes automatically generate an mDoc cover page listing the date, time, fax number and sender. You can also fill in the recipient's name and type a message.

Most of the printing and faxing was done at Xerox's facility, but we also sent two faxes back to our office (by simply typing in the fax number) and they were waiting for us when we returned.

MDoc adds yet another dimension to mobile productivity. Frequent travelers who often find themselves needing to produce or send hard copies while on the road will marvel at the power this package gives a handheld or cell phone.

PDA Defense Enterprise: For the Security-Conscious

It's no secret that handhelds require security protection against data theft. But what may not be as obvious is the extent to which most devices are vulnerable unless a robust security application is added.

If you think a password is all the protection your handheld needs, think again. A quick glance at hacker Web sites reveals publicly available programs that allow anyone to bypass handheld passwords. Hackers can also launch "brute force" password attacks that automatically generate any number of possible passwords and try each one in turn.

PDA Defense Enterprise from Asynchrony Solutions not only provides robust security for handhelds, but also allows administrators to centrally manage the security policies on each device.

We were impressed with the high level of flexibility and strength of security this program offers, as well as the convenience of deploying and managing it over a large enterprise with many devices. Administrators can provide numerous levels of security, depending on the options chosen in the program's Policy Editor module.

The Policy Editor runs on a desktop PC and is the heart of PDA Defense Enterprise. The program offers a host of password options, such as setting a minimum length and requiring both letters and numbers. To prevent end users from reusing a password when policy requires changing it, you can set the program to remember previously used passwords.

Our favorite password feature allows the administrator to create a temporary password that can unlock a handheld if necessary. Using a unique handheld-generated ID number, the administrator can use the desktop software to generate a password that will be valid for one hour.

You can set the handheld to automatically lock when the power is turned off or if the device remains inactive for a specified period of time, but if that's not drastic enough you can set "the Bomb."

The Bomb is one of the strongest security features in PDA Defense Enterprise. It's a data bit-wipe that will not only erase data, but also overwrite it to prevent recovery.

Unlike many data-erasing programs that wipe the entire device clean, the Bomb allows administrators to select individual applications and databases to be erased. Only flagged data will be deleted if the Bomb goes off.

The Bomb can be triggered in two ways. The first protects the handheld from brute force password attacks by limiting the number of incorrect log-in attempts. The other sets off the Bomb if the device has not been synchronized within a certain amount of time ranging from one hour to one year. If using a Palm Inc. device running Palm OS 4.0 or newer, all of the wiped data can be recovered with a HotSync operation.

The Policy Editor section also contains options specific to each of the three types of handheld devices with which the program is compatible. We used a Palm i705 so we only reviewed the Palm options.

Stealth Mode is an interesting feature that alters the PDA Defense Lockout Screen (the screen that appears when a device becomes locked) to look like the default Palm OS security screen. Thieves can't hack a program they are unaware of.

On Palm devices, administrators can choose from three sets or subsets of records to be encrypted: all records on the device, all of the private records or only private records that the administrator has selected. This list is also used to select records to encrypt and records to be bit-wiped if the Bomb is activated. Each record can be set for one or the other, or both.

Two encryption options — fast or strong — are available. If the strong option is selected the administrator can choose between 128-bit or 512-bit Blowfish encryption, or 128-bit, 192-bit or 256-bit AES encryption.

The fast option contains a nonstandard 128-bit custom algorithm designed for faster performance. This setting could be useful for public records that do not require as much security as private ones.

We found the Policy Editor quite easy to use and logically arranged. All options are listed in either check box format or drop-down menus, so everything is easily accessible and no memorization is required.

To deploy policy settings to end-user Palm devices, administrators can simply use the Palm Desktop Install Tool. They can also use an optional HotSync install utility that comes with PDA Defense Enterprise or third-party application- deployment software.

We used the Palm Desktop Install Tool, and the process went smoothly. The program is transparent to end users except when passwords are required as determined by the administrator. When we triggered the Bomb, sure enough, our flagged data was wiped out.

We recommend PDA Defense Enterprise to agencies requiring serious handheld security in a highly customizable solution. The many options available in this program allow for many different levels of security that should fit any agency's particular needs.

Pricing is scalable and discounted for workgroup, department, site and enterprise levels. Licensing is modular so customers need only license the database module(s) they need. A three-year workgroup license for a suite of products can cost $10,000. Enterprise installations typically run from $100,000 to $200,000 for a perpetual license.

With this package, you can walk around with your network and databases in your pocket. The kit offers real-time access and allows you to execute literally any network command and manage your databases as though you were in the server room.

A license for a server and 20 users costs $3,360 on the General Services Administration schedule. Additional user licenses can be purchased in blocks of 10 for $40 per user. Annual maintenance costs 15 percent of the price paid. Installation and the e-mail attachment-handling capability cost extra. Discounts are available if purchased with a Xerox printer.

Road warriors will marvel at holding the power to print, fax and produce forms in the palm of their hand.
We tested mDoc on a Research in Motion Ltd. BlackBerry 957 handheld device; a Microsoft Corp. Windows 2000 server running Internet Information Server 5.0, Adobe Systems Inc. Acrobat Reader and Microsoft Office 2000, RightFax 8.0, and an NT File System file server and Xerox DocuShare for file repository
access.

MDoc is compatible with wireless handhelds or mobile phones with Wireless Application Protocol or HTTP Internet and an e-mail client. For server requirements, go to www.xerox.com/mdoc.